1

Topic: SOGo password login fails

Hi,
I have tried to use Calendar /SOGo) for the first time after a installation 1 year ago.
SOGo doesn't accept my login (see anonymized logs below).

I have already changed the default password encryption of iRedAdmin from SSHA512 -> SSHA.
I changed the same in SOGo's config from md5->sha
I also changed the user's password in MySQL from SSHA512 -> SSHA.

But still the Caldendar login doesn't work.

any idea?

Thanks

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail Easy or the downloadable installer? No, I did it manually
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Apache (433) and Nginx (444)... iRedMail runs on Nginx:444
- Manage mail accounts with iRedAdmin-Pro? Yes. V3.5
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Jan 03 17:49:08 sogod [26758]: 172.20.11.99 "PROPFIND /SOGo/dav/user%40domain.com HTTP/1.0" 401 0/127 0.001 - - 0
Jan 03 17:49:08 sogod [26758]: <0x0x55b077777f00[SOGoDAVAuthenticator]> tried wrong password for user 'user@domain.com'!
Jan 03 17:49:08 sogod [26758]: 111.11.11.99 "PROPFIND /SOGo/dav/user%40domain.com HTTP/1.0" 401 12/127 0.001 - - 0
Jan 03 17:49:08 sogod [26758]: 111.11.11.99 "PROPFIND /SOGo/dav/user%40domain.com HTTP/1.0" 401 0/127 0.001 - - 0

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: SOGo password login fails

- Can you login with same username/password to SOGo webmail?
- Did you try to reset the password?

3 (edited by fsaraji 2020-01-06 20:46:55)

Re: SOGo password login fails

ZhangHuangbin wrote:

- Can you login with the same username/password to SOGo webmail?
- Did you try to reset the password?

Yes, webmail (roundcubemail) works with the same Login, regardless of SHA or SHA512 encoding.
I have also reset the password as well and I see it changing from SHA512 to SHA in the DB.

But neither the Calendar nor the CalCard work and the error message is "wrong password".

4

Re: SOGo password login fails

I have changed the settings back to SHAA512 since I found posts in the forum about SOGo IS supporting SHAA512 encryption.
So, my installation is in default mode again and SOGo Login still doesn't work.

I can simply verify it by trying to login with my browser on "https://myserver:444/SOGo/dav/user@domain" and I get a login box. But it doesn't accept my credentials (which are correct).

I also restarted memcache after the changes... unfortunately no effect, not even after 5 min.

5

Re: SOGo password login fails

Please enable debug mode in Dovecot and try again. we need the detailed log in /var/log/dovecot/dovecot.log (or imap.log) for troubleshooting.
FYI: https://docs.iredmail.org/debug.dovecot.html

Note: the log may contains plain password, be careful and not paste it here.

6

Re: SOGo password login fails

Hi,
I have set the dovecot to debug mode but I cannot see any log activity on CalDAV login attempts.
It seems to me, that SOGo is not able to decrypt the password correctly.

any suggestion?

7

Re: SOGo password login fails

fsaraji wrote:

It seems to me, that SOGo is not able to decrypt the password correctly.

It's known that SOGo supports SSHA, SSHA512 and more. If you try one of them, it should work.

We need detailed SOGo log for troubleshooting, please turn on debug mode in SOGo and show us the detailed log:
https://docs.iredmail.org/debug.sogo.html

8

Re: SOGo password login fails

Hi,
here is the log from starting the service until the eeror occures.
It says: "No authentication sources defined"... I think this is the issue!

Jan 13 09:30:19 sogod [3421]: version 4.0.6 (build @shiva2.inverse 201902220243) -- starting
Jan 13 09:30:19 sogod [3421]: vmem size check enabled: shutting down app when vmem > 384 MB. Currently at 232 MB
Jan 13 09:30:19 sogod [3421]: <0x0x556037718cb0[SOGoProductLoader]> SOGo products loaded from '/usr/lib/GNUstep/SOGo':
Jan 13 09:30:19 sogod [3421]: <0x0x556037718cb0[SOGoProductLoader]>   Appointments.SOGo, MainUI.SOGo, Mailer.SOGo, ContactsUI.SOGo, MailerUI.SOGo, AdministrationUI.SOGo, CommonUI.SOGo, Contacts.SOGo, ActiveSync.SOGo, MailPartViewers.SOGo, PreferencesUI.SOGo, SchedulerUI.SOGo
Jan 13 09:30:19 sogod [3421]: All products loaded - current memory usage at 291 MB
Jan 13 09:30:19 sogod [3421]: <0x0x556037768e90[WOWatchDog]> listening on 127.0.0.1:20000
Jan 13 09:30:19 sogod [3421]: <0x0x556037768e90[WOWatchDog]> watchdog process pid: 3421
Jan 13 09:30:19 sogod [3421]: <0x0x7fec7bf8f240[WOWatchDogChild]> watchdog request timeout set to 10 minutes
Jan 13 09:30:19 sogod [3421]: <0x0x556037768e90[WOWatchDog]> preparing 3 children
Jan 13 09:30:19 sogod [3421]: <0x0x556037768e90[WOWatchDog]> child spawned with pid 3424
Jan 13 09:30:19 sogod [3421]: <0x0x556037768e90[WOWatchDog]> child spawned with pid 3425
Jan 13 09:30:19 sogod [3421]: <0x0x556037768e90[WOWatchDog]> child spawned with pid 3426
Jan 13 09:30:19 sogod [3425]: [ERROR] |SOGo| No value specified for 'SOGoProfileURL'Jan 13 09:30:19 sogod [3424]: [ERROR] |SOGo| No value specified for 'SOGoProfileURL'

Jan 13 09:30:19 sogod [3426]: [ERROR] |SOGo| No value specified for 'SOGoProfileURL'Jan 13 09:30:19 sogod [3424]: <0x0x55603797a430[WOHttpAdaptor]> notified the watchdog that we are ready

Jan 13 09:30:19 sogod [3425]: <0x0x55603797a430[WOHttpAdaptor]> notified the watchdog that we are ready
Jan 13 09:30:19 sogod [3426]: <0x0x55603797a430[WOHttpAdaptor]> notified the watchdog that we are ready
Jan 13 09:31:33 sogod [3426]: <0x0x556037840330[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Jan 13 09:31:33 sogod [3426]: <0x0x556037840330[SOGoCache]> Using host(s) 'localhost' as server(s)
Jan 13 09:31:33 sogod [3426]: [ERROR] <0x0x5560379e5840[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
Jan 13 09:31:33 sogod [3426]: 172.20.11.99 "PROPFIND /SOGo/dav/fsaraji%40pixip.net HTTP/1.0" 401 0/127 0.007 - - 4M
Jan 13 09:31:33 sogod [3426]: <0x0x55603778a610[SOGoDAVAuthenticator]> tried wrong password for user 'user@domain.com'!
Jan 13 09:31:33 sogod [3426]: 172.20.11.99 "PROPFIND /SOGo/dav/fsaraji%40pixip.net HTTP/1.0" 401 12/127 0.001 - - 0
Jan 13 09:31:33 sogod [3426]: 172.20.11.99 "PROPFIND /SOGo/dav/fsaraji%40pixip.net HTTP/1.0" 401 0/127 0.001 - - 0

9

Re: SOGo password login fails

What I am wondering about is, why in sogo.cong all lines are commented out with "//"? or isn't is a comment?

{
  /* *********************  Main SOGo configuration file  **********************
   *                                                                           *
   * Since the content of this file is a dictionary in OpenStep plist format,  *
   * the curly braces enclosing the body of the configuration are mandatory.   *
   * See the Installation Guide for details on the format.                     *
   *                                                                           *
   * C and C++ style comments are supported.                                   *
   *                                                                           *
   * This example configuration contains only a subset of all available        *
   * configuration parameters. Please see the installation guide more details. *
   *                                                                           *
   * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
   * make sure to move it away to avoid unwanted parameter overrides.          *
   *                                                                           *
   * **************************************************************************/

  /* Database configuration (mysql:// or postgresql://) */
  //SOGoProfileURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
  //OCSFolderInfoURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
  //OCSSessionsFolderURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";

  /* Mail */
  //SOGoDraftsFolderName = Drafts;
  //SOGoSentFolderName = Sent;
  //SOGoTrashFolderName = Trash;
  //SOGoIMAPServer = localhost;
  //SOGoSieveServer = sieve://127.0.0.1:4190;
  //SOGoSMTPServer = 127.0.0.1;
  //SOGoMailDomain = acme.com;
  //SOGoMailingMechanism = smtp;
  //SOGoForceExternalLoginWithEmail = NO;
  //SOGoMailSpoolPath = /var/spool/sogo;
  //NGImap4ConnectionStringSeparator = "/";

  /* Notifications */
  //SOGoAppointmentSendEMailNotifications = NO;
  //SOGoACLsSendEMailNotifications = NO;
  //SOGoFoldersSendEMailNotifications = NO;

  /* Authentication */
  //SOGoPasswordChangeEnabled = YES;

  /* LDAP authentication example */
  //SOGoUserSources = (
  //  {
  //    type = ldap;
  //    CNFieldName = cn;
  //    UIDFieldName = uid;
  //    IDFieldName = uid; // first field of the DN for direct binds
  //    bindFields = (uid, mail); // array of fields to use for indirect binds
  //    baseDN = "ou=users,dc=acme,dc=com";
  //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
  //    bindPassword = qwerty;
  //    canAuthenticate = YES;
  //    displayName = "Shared Addresses";
  //    hostname = ldap://127.0.0.1:389;
  //    id = public;
  //    isAddressBook = YES;
  //  }
  //);

  /* LDAP AD/Samba4 example */
  //SOGoUserSources = (
  //  {
  //    type = ldap;
  //    CNFieldName = cn;
  //    UIDFieldName = sAMAccountName;
  //    baseDN = "CN=users,dc=domain,dc=tld";
  //    bindDN = "CN=sogo,CN=users,DC=domain,DC=tld";
  //    bindFields = (sAMAccountName, mail);
  //    bindPassword = password;
  //    canAuthenticate = YES;
  //    displayName = "Public";
  //    hostname = ldap://127.0.0.1:389;
  //    filter = "mail = '*'";
  //    id = directory;
  //    isAddressBook = YES;
  //  }
  //);


  /* SQL authentication example */
  /*  These database columns MUST be present in the view/table:
   *    c_uid - will be used for authentication -  it's the username or username@domain.tld)
   *    c_name - which can be identical to c_uid -  will be used to uniquely identify entries
   *    c_password - password of the user, plain-text, md5 or sha encoded for now
   *    c_cn - the user's common name - such as "John Doe"
   *    mail - the user's mail address
   *  See the installation guide for more details
   */
  //SOGoUserSources =
  //  (
  //    {
  //      type = sql;
  //      id = directory;
  //      viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
  //      canAuthenticate = YES;
  //      isAddressBook = YES;
  //      userPasswordAlgorithm = sha512-crypt;
  //    }
  //  );

  /* Web Interface */
  //SOGoPageTitle = SOGo;
  //SOGoVacationEnabled = YES;
  //SOGoForwardEnabled = YES;
  //SOGoSieveScriptsEnabled = YES;
  //SOGoMailAuxiliaryUserAccountsEnabled = YES;
  //SOGoTrustProxyAuthentication = NO;
  //SOGoXSRFValidationEnabled = YES;

  /* General - SOGoTimeZone *MUST* be defined */
  //SOGoLanguage = English;
  //SOGoTimeZone = America/Montreal;
  //SOGoCalendarDefaultRoles = (
  //  PublicDAndTViewer,
  //  ConfidentialDAndTViewer
  //);
  //SOGoSuperUsernames = (sogo1, sogo2); // This is an array - keep the parens!
  //SxVMemLimit = 384;
  //WOPidFile = "/var/run/sogo/sogo.pid";
  //SOGoMemcachedHost = "/var/run/memcached.sock";

  /* Debug */
  //SOGoDebugRequests = YES;
  //SoDebugBaseURL = YES;
  //ImapDebugEnabled = YES;
  //LDAPDebugEnabled = YES;
  //PGDebugEnabled = YES;
  //MySQL4DebugEnabled = YES;
  //SOGoUIxDebugEnabled = YES;
  //WODontZipResponse = YES;
  //WOLogFile = /var/log/sogo/sogo.log;
}

10 (edited by CrashXRU 2020-01-14 13:22:45)

Re: SOGo password login fails

this is the default configuration
did you put sogo as part of iredmail or separately?


this config form iRedMail https://github.com/iredmail/iRedMail/bl … /sogo.conf
NOTE***but some of the fields there are automatically filled during installation

11

Re: SOGo password login fails

It was a part of iRedMail Installation and it was working foe a while.
It seems, that one of the updates has replaced everything with default files.
After applying the new config I get a 502 error because of:

/usr/sbin/sogod: Uncaught exception NGDidNotFindServiceException, reason: did not find service PH_SOGO_BIND_PORT

So, the SOGo Installation seems to be broken.

How can I reinstall it (or just reconfigure it) without losing all other settings and affecting the whole Mail system?

12

Re: SOGo password login fails

I guess you upgraded SOGo manually and the package generated a new /etc/sogo/sogo.conf.
You should be able to find old one generated by iRedMail under /etc/sogo/, simply restore it and restart sogo service should get SOGo working.